IT directors must be prepared to handle police data requests


IT directors must be prepared to handle police data requests

Bill Goodwin
Businesses with e-commerce operations must be prepared to receive police orders forcing them to disclose electronic records about their customers, security experts warned this week.

Law enforcement agencies are planning to use electronic surveillance laws intended to give government bodies access to communications data held by Internet service providers (ISPs) to obtain businesses records of visitors to firms' Web sites.

The warning comes as an international report singled out the UK as having laws which undermine the rights of individuals to electronic privacy. The report, published by the US-based Electronic Privacy Information Centre, and UK body Privacy International, claimed that the Data Protection Act has done little to limit the growth of surveillance, particularly since the 11 September terrorist attacks.

IT security experts attending a conference at the London School of Economics to launch the report said surveillance laws, such as the Regulation of Investigatory Powers Act and the Anti-Terrorism, Crime and Security Act, will have a direct impact on IT directors.

Richard Clayton, spokesman for the Foundation for Information Policy Research, said, "The police have belatedly realised that the communications traffic they are looking for is not held by ISPs.

"They want logs to find out who has been buying flight tickets from Web bucket-shops, for example. They have been working on the assumption that the ISPs have the Web logs - they don't, the online companies do."

Clayton advised IT directors to take advice now, so they know what their rights are and how they should respond if they receive a request for data.

"You should look hard at the data you are keeping and ask yourself whether there is a business need for it. If you do not need it, you are breaching the Data Protection Act if you keep it. But you also risk finding yourself coerced to disclose it," he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy